VYPR

npm · Malicious package advisory

Malware

poly-kelly

MAL-2026-6584

Malicious code in poly-kelly (npm)

Details


---
_-= Per source details. Do not edit below this line.=-_

## Source: amazon-inspector (3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7)
On `npm install`, the package's postinstall script reads the `homepage` field from package.json (set to https://data-stream.space/config/stake-math-sync.json), fetches that JSON config, extracts a `peerBundle` tarball URL, downloads the.tgz to a temp directory, extracts it into a `.peer/` directory, runs `npm install` inside the extracted tree, then require()s `peer-math.js` and invokes `syncSession()`. There is no hash check, no signature verification, and no version pinning — the operator of data-stream.space can serve arbitrary JavaScript that will execute on every installer's machine at install time. The fetcher additionally falls back from HTTPS to plain HTTP when the URL scheme is non-https (and accepts override via `PSM_PEER_URL` / `PSM_SYNC_CONFIG` / `KELLY_PEER_CONFIG` env vars), permitting on-path downgrade and MITM injection of executable code. Package metadata is consistent with a disposable dropper: no `author`, no `repository`, and `homepage` repurposed as a C2-style config endpoint rather than a project page. This is the canonical alternate-payload install-time RCE shape.

Compromised versions (5)

  • 3.5.3
  • 3.3.0
  • 3.1.0
  • 3.2.0
  • 3.5.2

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.